- 30 Jul, 2015 3 commits
-
-
Dave Cridland authored
Address XSS issues in admin console and monitoring plugin
-
Dave Cridland authored
-
Dave Cridland authored
A number of stored XSS issues were found by Dean Hardcastle during testing of the monitoring plugin's admin console. These include cases where chatroom nicknames and message text are not adequately escaped.
-
- 22 Jun, 2015 5 commits
-
-
akrherz authored
-
akrherz authored
-
Dave Cridland authored
Denote Openfire 3.10.2 Release
-
Speedy authored
See http://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-ldap.html#pooling LDAP Connection Pooling is disabled when using a custom ssl socket. The custom socket was used to accept unsigned/untrusted/expired ssl certs. I removed the use of the custom socket, and also added the required system property to enable connection pooling when using SSL, which was missing.
-
akrherz authored
-
- 19 Jun, 2015 2 commits
-
-
Tom Evans authored
Rollback of this commit for OF-421: https://github.com/igniterealtime/Openfire/commit/89c06a88d75e15d36ce7f6ace88bbf5c71fb08df
-
Tom Evans authored
The inputClosed method was added during troubleshooting for MINA 2.0.9 and can be removed now that we have downgraded to 2.0.7.
-
- 17 Jun, 2015 1 commit
-
-
akrherz authored
-
- 16 Jun, 2015 2 commits
-
-
daryl herzmann authored
Openfire 3.10.1 Release
-
akrherz authored
-
- 15 Jun, 2015 1 commit
-
-
Dave Cridland authored
Prevent sessions in admin console from showing UnknownHostException
-
- 11 Jun, 2015 1 commit
-
-
andi@symphono.com authored
OF-889: Added try-catch blocks to the various JSP pages where Session.getHostName or Session.getHostAddress is called to prevent the Sessions tab from showing UnknownHostExceptions when there are bad client sessions laying around
-
- 10 Jun, 2015 3 commits
-
-
daryl herzmann authored
Address current problems in 3.10
-
Dave Cridland authored
Where the session is part-closed, these can throw NPE due to getRemoteAddress() returning null. This sledge-hammers the problem away.
-
Dave Cridland authored
Addressing DIRMINA-1012
-
- 09 Jun, 2015 1 commit
-
-
daryl herzmann authored
Do not synchronize on isClosed()
-
- 08 Jun, 2015 1 commit
-
-
Dave Cridland authored
There is a deadlock while reading the state variable if close() is running. This switches the state to be volatile instead - it's only written to inside the lengthy close() lock, so this should be reasonable.
-
- 31 May, 2015 2 commits
-
-
Dave Cridland authored
Openfire 3.10.1 Release Candidate
-
akrherz authored
-
- 29 May, 2015 5 commits
-
-
Guus der Kinderen authored
By closing a session when the new MINA inputClosed() handler is triggered, we run the risk of sending data to the peer. As that peer is known to be dead, this is pointless (and potentially dangerous - deadlocks have been observed that are likely related to this scenario). To prevent sending data during session closure, the close() method has been overloaded with an argument that indicates if the peer is known to be dead. When set, its implementation will not attempt to send data.
-
Dave Cridland authored
Currently, only stanzas containing errors of type cancel will cause the occupant to be removed, however this doesn't appear to catch and remove many occupants in practise. This patch therefore removes occupants from the service on any message or presence error stanza, irrespective of the error type. IQ stanzas do not trigger the same response, as these may be due to lack of client support rather than a vanished occupant.
-
Guus der Kinderen authored
The close listeners should not be called from within a synchronized block.
-
Guus der Kinderen authored
When a connection is closed, several events can be involved (and can be triggered). Some of these events will attempt to close the connection (if it hadn't been already). This, at best, least to multiple invocations of close-listeners. At worst, a loop of close-calls is created. This commit replaces the two-way boolean that guards closure (isClosed) with a three-way guard. Now, a distinction is made between between a connection that is closed, and one that is closing. Additionally, some null pointer guards have been added, as I've seen those pop up in my local logs during development.
-
Guus der Kinderen authored
-
- 28 May, 2015 3 commits
-
-
Guus der Kinderen authored
MINA 2.0.8 introduces support for half-duplex close of TCP channels (see DIRMINA-785). As part of this change, IoHandlers got a new method. The default behavior of the IoHandlerAdapter closes the MINA session when this handler is triggered. However, without an Openfire-specific extension (in ConnectionHandler), this fails to close Openfire-maintained resources. As a result, CPUs could start to spin in NIO code, resulting in 100% CPU cycles. To fix this issue, ConnectionHandler now overrides the default functionality and triggers a normal closure of the session (both in Openfire as well as MINA context). Additionally, to prevent the CPU spin, MINA sessions need to be closed synchronously (as opposed to the async closure Openfire had up until now). I cannot quite explain the need for this change, other than a suspision of race conditions in the async setup.
-
Guus der Kinderen authored
-
Guus der Kinderen authored
-
- 01 May, 2015 3 commits
-
-
Sven Bunge authored
-
Dave Cridland authored
-
Dave Cridland authored
OF-909: Include ack in BOSH response body element
-
- 29 Apr, 2015 2 commits
- 26 Apr, 2015 1 commit
-
-
akrherz authored
-
- 25 Apr, 2015 1 commit
-
-
Guus der Kinderen authored
-
- 21 Apr, 2015 1 commit
-
-
Dave Cridland authored
Openfire 3.10.0 GA Release!
-
- 20 Apr, 2015 1 commit
-
-
akrherz authored
-
- 10 Apr, 2015 1 commit
-
-
daryl herzmann authored
Mark Openfire 3.10.0 Release Candidate
-